All of lore.kernel.org
 help / color / mirror / Atom feed
From: Don Dutile <ddutile@redhat.com>
To: David Woodhouse <dwmw2@infradead.org>,
	Alexander Duyck <alexander.duyck@gmail.com>
Cc: Bjorn Helgaas <helgaas@kernel.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	linux-pci <linux-pci@vger.kernel.org>,
	linux-kernel <linux-kernel@vger.kernel.org>,
	Alexander Duyck <alexander.h.duyck@intel.com>,
	"Bryant G. Ly" <bryantly@linux.vnet.ibm.com>,
	Bodong Wang <bodong@mellanox.com>,
	Alex Williamson <alex.williamson@redhat.com>,
	"Michael S. Tsirkin" <mst@redhat.com>,
	kvm@vger.kernel.org
Subject: Re: [PATCH] uio/uio_pci_generic: Add SR-IOV support
Date: Mon, 2 Oct 2017 18:02:55 -0400	[thread overview]
Message-ID: <01545a87-f121-299f-9e7e-48fe17378ff1@redhat.com> (raw)
In-Reply-To: <1506971418.18322.47.camel@infradead.org>

On 10/02/2017 03:10 PM, David Woodhouse wrote:
> On Mon, 2017-10-02 at 14:52 -0400, Don Dutile wrote:
>> On 10/02/2017 08:35 AM, David Woodhouse wrote:
>>> This would allow you to enable SR-IOV on a PF before its driver is
>>> loaded, right? Even when that driver *is* going to need to perform
>>> resource management for those VFs?
>>>
>>> Would existing drivers cope with SR-IOV being enabled, and VFs being
>>> assigned to guests, before they're loaded? If so then sure, let's do it
>>> generically. But I'm not sure that's the case.
>>>
>> No better than a uio driver/mgmt api that may have to configure a PF
>> before a VF is enabled.
>
> Conceptually, the current model is that you don't have SR-IOV until you
> have a driver loaded for the physical function which can do any
> necessary resource management.
>
> That's *why* the generic "sriov_numvfs" interface in sysfs isn't
> present until such a driver is loaded.
>
> In the UIO case, *userspace* is responsible for the PF. So it's not an
> "attack vector"; we let userspace do what it likes with the PF and that
> includes enabling SR-IOV too.
>
> Do we actually *disable* SR-IOV when a (UIO or in-kernel) driver for
> the PF is unloaded? If not, that's the only "attack vector" I see — to
> load a driver which permits SR-IOV to be enabled, and do so, and then
> unload it and load a different driver which doesn't cope.
>
> And each driver in that scenario can be either an in-kernel driver or
> UIO+userspace; it doesn't matter either way. The patch I sent is just
> following the *existing* model.
>
> But sure, my question was intended to ask whether we want to *stick*
> with that model. Given the answers I got, my own conclusion was that we
> probably do...
>
ok. got the whole picture now.
+1 to your reply.

  reply	other threads:[~2017-10-02 22:03 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-09-27 12:59 [PATCH] uio/uio_pci_generic: Add SR-IOV support David Woodhouse
2017-09-27 22:00 ` Bjorn Helgaas
2017-09-27 22:20   ` David Woodhouse
2017-09-27 23:06     ` Alexander Duyck
2017-09-28 12:22       ` Don Dutile
2017-09-28 13:46         ` David Woodhouse
2017-09-28 15:05           ` Don Dutile
2017-09-28 15:52             ` David Woodhouse
2017-09-28 16:56               ` Don Dutile
2017-10-02 12:35                 ` David Woodhouse
2017-10-02 18:52                   ` Don Dutile
2017-10-02 19:10                     ` David Woodhouse
2017-10-02 22:02                       ` Don Dutile [this message]
2017-09-28 12:12   ` Don Dutile

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=01545a87-f121-299f-9e7e-48fe17378ff1@redhat.com \
    --to=ddutile@redhat.com \
    --cc=alex.williamson@redhat.com \
    --cc=alexander.duyck@gmail.com \
    --cc=alexander.h.duyck@intel.com \
    --cc=bodong@mellanox.com \
    --cc=bryantly@linux.vnet.ibm.com \
    --cc=dwmw2@infradead.org \
    --cc=gregkh@linuxfoundation.org \
    --cc=helgaas@kernel.org \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-pci@vger.kernel.org \
    --cc=mst@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.